Protect SSL_connect(); Nanosleep() with decimal output

xio-openssl.c

@@ -26,7 +26,6 @@
    (not only tcp, but also pipes, stdin, files...)
    for tcp we want to provide support for socks and proxy.
    read and write functions must use the openssl crypt versions.
-   but currently only plain tcp4 is implemented.
 */
 
 /* Linux: "man 3 ssl" */
@@ -1976,12 +1975,20 @@ static int xioSSL_set_fd(struct single *sfd, int level) {
    should not retry for any reason. */
 static int xioSSL_connect(struct single *sfd, const char *opt_commonname,
 			  bool opt_ver, int level) {
+   sigset_t masksigs, oldsigs;
    char error_string[256];
-   int errint, status, ret;
+   int errint, status, _errno, ret;
    unsigned long err;
 
+   sigemptyset(&masksigs);
+   sigaddset(&masksigs, SIGCHLD);
+   sigaddset(&masksigs, SIGUSR1);
+   Sigprocmask(SIG_BLOCK, &masksigs, &oldsigs);
    /* connect via SSL by performing handshake */
-   if ((ret = sycSSL_connect(sfd->para.openssl.ssl)) <= 0) {
+   ret = sycSSL_connect(sfd->para.openssl.ssl);
+   _errno = errno;
+   Sigprocmask(SIG_SETMASK, &oldsigs, NULL);
+   if (ret <= 0) {
       /*if (ERR_peek_error() == 0) Msg(level, "SSL_connect() failed");*/
       errint = SSL_get_error(sfd->para.openssl.ssl, ret);
       switch (errint) {
@@ -2005,7 +2012,7 @@ static int xioSSL_connect(struct single *sfd, const char *opt_commonname,
 	    if (ret == 0) {
 	       Msg(level, "SSL_connect(): socket closed by peer");
 	    } else if (ret == -1) {
-	       Msg1(level, "SSL_connect(): %s", strerror(errno));
+	       Msg1(level, "SSL_connect(): %s", strerror(_errno));
 	    }
 	 } else {
 	    Msg(level, "I/O error");	/*!*/